Since emails are usually sent in plain text and bounced through a bunch of SMTP relays, it is potentially possible for a well placed attacker to sniff for these and read emails without being able to actually log into the email account.

I would like to read about real world instances of this attack being used, what well known attacks of this form have been written about?

2 Answers
2

Once an attacker is on a network, they can sniff all traffic moving around it. Let's take, for example, a home WiFi setup that uses WEP.

Attacker breaches WEP, because it's insecure.

Attacker uses promiscuous mode to sniff frames on the network, and steals all traffic.

You send an email via SMTP.

Attacker dumps traffic to a file and analyses it with Wireshark or a similar tool, and extracts the emails.

It's as simple as that, and it can be performed with free software and off-the-shelf hardware.

Looking at SMTP relays, what you've really got to worry about is state-sponsored attacks. It'd be rather silly to assume that no government is sniffing SMTP traffic on these relays as part of their standard communications intelligence program. However, this doesn't mean that private individuals don't have access - the relays are just computers like any other, and they can be breached.

Furthermore, the traffic between SMTP relays bounces through several other machines and routers on its way, since there's no direct network path. Any one of these might be compromised.

In short, you have to assume that everything travelling over the internet is unsafe. It's an untrusted and hostile network, so you must enforce security.
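As an added example (not part of the answer above, nor anyone's real tooling), the following Python check shows the defender's side of the point being made: given a captured SMTP session, decide whether the message body crossed the wire in cleartext, which is exactly the condition under which an on-path sniffer could read it. The `C:`/`S:` transcript format, the `example.test` hostnames and the two sample sessions are all constructed for this example, not real captures.

```python
"""Classify SMTP session transcripts as cleartext-exposed or TLS-protected.

Added example, not from the original answer. Assumes a constructed,
line-oriented transcript format where each line starts with "C:" (client)
or "S:" (server); it is not a real packet-capture format.
"""

# Constructed sample session: server never offers STARTTLS, message sent in the clear.
SESSION_CLEARTEXT = """\
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test
S: 250 SIZE 10240000
C: MAIL FROM:<alice@example.test>
S: 250 OK
C: RCPT TO:<bob@example.test>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: quarterly numbers
C:
C: see attached
C: .
S: 250 OK queued
C: QUIT
"""

# Constructed sample session: STARTTLS negotiated before any message data,
# so everything after the 220 reply is encrypted and not observable.
SESSION_STARTTLS = """\
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test
S: 250 STARTTLS
C: STARTTLS
S: 220 Go ahead
"""


def parse_transcript(text):
    """Yield (side, line) tuples from a 'C: ...' / 'S: ...' transcript."""
    for raw in text.splitlines():
        if not raw.strip():
            continue
        side, _, line = raw.partition(":")
        yield side.strip(), line.strip()


def classify_session(text):
    """Describe what a passive observer on the network path could see.

    Returns a dict with:
      starttls_offered  - server advertised STARTTLS in its EHLO response
      tls_started       - client sent STARTTLS and the server accepted (220)
      cleartext_message - the DATA phase ran with no TLS in effect, i.e. the
                          whole message was readable by anyone on the path
      cleartext_lines   - number of message lines exposed in the clear
    """
    result = {"starttls_offered": False, "tls_started": False,
              "cleartext_message": False, "cleartext_lines": 0}
    in_data = False            # inside the DATA phase (message body)
    awaiting_tls_reply = False  # client sent STARTTLS, waiting for 220

    for side, line in parse_transcript(text):
        upper = line.upper()
        if side == "S":
            if awaiting_tls_reply:
                awaiting_tls_reply = False
                if upper.startswith("220"):
                    result["tls_started"] = True
                    # From here on the session is encrypted; a sniffer sees
                    # nothing further, so stop classifying.
                    break
            elif upper.startswith("250") and "STARTTLS" in upper:
                result["starttls_offered"] = True
            continue

        # Client side.
        if in_data:
            if line == ".":
                in_data = False          # end-of-data marker
            else:
                result["cleartext_lines"] += 1
            continue
        if upper == "STARTTLS":
            awaiting_tls_reply = True
        elif upper == "DATA":
            # No TLS was ever started (otherwise we would have exited above).
            in_data = True
            result["cleartext_message"] = True
    return result


if __name__ == "__main__":
    for name, session in (("cleartext", SESSION_CLEARTEXT),
                          ("starttls", SESSION_STARTTLS)):
        print(name, classify_session(session))
```

A session with `starttls_offered` true but `cleartext_message` also true is the interesting case for monitoring: the server supported encryption and the client chose not to use it. Note that STARTTLS only protects one hop; each relay in the chain the answer describes re-negotiates (or fails to), so a cleartext hop further along is invisible to this check, which is why end-to-end encryption of the message itself is the only protection that survives the whole relay path.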

I know of no instances of one individual's or one organization's email being specifically targeted in this way, although I'm sure it has happened. It's fairly challenging in many ways.

What I would say is a known, real world instance is the habit of governments to force ISPs to store every single email going through their networks in the name of anti-terrorism. Most major governments already have, or have plans to record every single electronic communication by every single individual, citizen or not. So if you want to know who the biggest offenders are, it's governments.